scm-webapp/src/main/java/sonia/scm/plugin/PluginInstaller.java

/*
 * MIT License
 *
 * Copyright (c) 2020-present Cloudogu GmbH and Contributors
 *
 * Permission is hereby granted, free of charge, to any person obtaining a copy
 * of this software and associated documentation files (the "Software"), to deal
 * in the Software without restriction, including without limitation the rights
 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 * copies of the Software, and to permit persons to whom the Software is
 * furnished to do so, subject to the following conditions:
 *
 * The above copyright notice and this permission notice shall be included in all
 * copies or substantial portions of the Software.
 *
 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
 * SOFTWARE.
 */
    
package sonia.scm.plugin;

import com.google.common.hash.HashCode;
import com.google.common.hash.Hashing;
import com.google.common.hash.HashingInputStream;
import sonia.scm.SCMContextProvider;
import sonia.scm.net.ahc.AdvancedHttpClient;

import javax.inject.Inject;
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.Optional;

@SuppressWarnings("UnstableApiUsage") // guava hash is marked as unstable
class PluginInstaller {

  private final SCMContextProvider context;
  private final AdvancedHttpClient client;
  private final SmpDescriptorExtractor smpDescriptorExtractor;

  @Inject
  public PluginInstaller(SCMContextProvider context, AdvancedHttpClient client, SmpDescriptorExtractor smpDescriptorExtractor) {
    this.context = context;
    this.client = client;
    this.smpDescriptorExtractor = smpDescriptorExtractor;
  }

  @SuppressWarnings("squid:S4790") // hashing should be safe
  public PendingPluginInstallation install(AvailablePlugin plugin) {
    Path file = null;
    try (HashingInputStream input = new HashingInputStream(Hashing.sha256(), download(plugin))) {
      file = createFile(plugin);
      Files.copy(input, file);

      verifyChecksum(plugin, input.hash(), file);
      verifyConditions(plugin, file);
      return new PendingPluginInstallation(plugin.install(), file);
    } catch (IOException ex) {
      cleanup(file);
      throw new PluginDownloadException("failed to download plugin", ex);
    }
  }

  private void cleanup(Path file) {
    try {
      if (file != null) {
        Files.deleteIfExists(file);
      }
    } catch (IOException e) {
      throw new PluginInstallException("failed to cleanup, after broken installation");
    }
  }

  private void verifyChecksum(AvailablePlugin plugin, HashCode hash, Path file) {
    Optional<String> checksum = plugin.getDescriptor().getChecksum();
    if (checksum.isPresent()) {
      String calculatedChecksum = hash.toString();
      if (!checksum.get().equalsIgnoreCase(calculatedChecksum)) {
        cleanup(file);
        throw new PluginChecksumMismatchException(
          String.format("downloaded plugin checksum %s does not match expected %s", calculatedChecksum, checksum.get())
        );
      }
    }
  }

  private void verifyConditions(AvailablePlugin plugin, Path file) throws IOException {
    InstalledPluginDescriptor pluginDescriptor = smpDescriptorExtractor.extractPluginDescriptor(file);
    if (!pluginDescriptor.getCondition().isSupported()) {
      cleanup(file);
      throw new PluginConditionFailedException(
        pluginDescriptor.getCondition(),
        String.format(
          "could not load plugin %s, the plugin condition does not match",
          plugin.getDescriptor().getInformation().getName()
        )
      );
    }
  }

  private InputStream download(AvailablePlugin plugin) throws IOException {
    return client.get(plugin.getDescriptor().getUrl()).request().contentAsStream();
  }

  private Path createFile(AvailablePlugin plugin) throws IOException {
    Path directory = context.resolve(Paths.get("plugins"));
    Files.createDirectories(directory);
    return directory.resolve(plugin.getDescriptor().getInformation().getName() + ".smp");
  }
}
Changeover to MIT license (#1066) * prepare license-maven-plugin for license migration * added license mapping for tsx files and added some more excludes * Changeover to MIT license * Fix build problems * Delete old remaining licenses * Add more exclude path for license checker * Rename included netbeans license, add exclude .m2/repository/ * Specify .m2 exclude because not only repository/, also wrapper/ must match * Add .cache/ exclude for license check * Modify formatting of license in java classes to comply with convention and IDE * Add IntelliJ documentation for license configuration * Update CHANGELOG.md * Exclude tmp/workspace/ dir for license check * Edit README.md Co-authored-by: Sebastian Sdorra <sebastian.sdorra@cloudogu.com> 2020-03-23 15:35:58 +01:00			`/*`
			`* MIT License`
			`*`
			`* Copyright (c) 2020-present Cloudogu GmbH and Contributors`
			`*`
			`* Permission is hereby granted, free of charge, to any person obtaining a copy`
			`* of this software and associated documentation files (the "Software"), to deal`
			`* in the Software without restriction, including without limitation the rights`
			`* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell`
			`* copies of the Software, and to permit persons to whom the Software is`
			`* furnished to do so, subject to the following conditions:`
			`*`
			`* The above copyright notice and this permission notice shall be included in all`
			`* copies or substantial portions of the Software.`
			`*`
			`* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR`
			`* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,`
			`* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE`
			`* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER`
			`* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,`
			`* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE`
			`* SOFTWARE.`
			`*/`

implemented plugin installation 2019-08-20 14:43:48 +02:00			`package sonia.scm.plugin;`

improve hash calculation and use nio file apis 2019-08-21 07:44:50 +02:00			`import com.google.common.hash.HashCode;`
implemented plugin installation 2019-08-20 14:43:48 +02:00			`import com.google.common.hash.Hashing;`
improve hash calculation and use nio file apis 2019-08-21 07:44:50 +02:00			`import com.google.common.hash.HashingInputStream;`
implemented plugin installation 2019-08-20 14:43:48 +02:00			`import sonia.scm.SCMContextProvider;`
			`import sonia.scm.net.ahc.AdvancedHttpClient;`

			`import javax.inject.Inject;`
			`import java.io.IOException;`
			`import java.io.InputStream;`
improve hash calculation and use nio file apis 2019-08-21 07:44:50 +02:00			`import java.nio.file.Files;`
			`import java.nio.file.Path;`
			`import java.nio.file.Paths;`
implemented plugin installation 2019-08-20 14:43:48 +02:00			`import java.util.Optional;`

improve hash calculation and use nio file apis 2019-08-21 07:44:50 +02:00			`@SuppressWarnings("UnstableApiUsage") // guava hash is marked as unstable`
implemented plugin installation 2019-08-20 14:43:48 +02:00			`class PluginInstaller {`

			`private final SCMContextProvider context;`
			`private final AdvancedHttpClient client;`
Fix class name 2020-01-24 12:01:21 +01:00			`private final SmpDescriptorExtractor smpDescriptorExtractor;`
implemented plugin installation 2019-08-20 14:43:48 +02:00
			`@Inject`
Fix class name 2020-01-24 12:01:21 +01:00			`public PluginInstaller(SCMContextProvider context, AdvancedHttpClient client, SmpDescriptorExtractor smpDescriptorExtractor) {`
implemented plugin installation 2019-08-20 14:43:48 +02:00			`this.context = context;`
			`this.client = client;`
Fix class name 2020-01-24 12:01:21 +01:00			`this.smpDescriptorExtractor = smpDescriptorExtractor;`
implemented plugin installation 2019-08-20 14:43:48 +02:00			`}`

fix some code smells reported by SonarQube 2019-08-21 16:46:50 +02:00			`@SuppressWarnings("squid:S4790") // hashing should be safe`
PluginInstaller returns now PendingPluginInstallation, to abort the installation before restart 2019-08-20 16:38:29 +02:00			`public PendingPluginInstallation install(AvailablePlugin plugin) {`
remove downloaded artifact on error 2019-08-21 07:56:52 +02:00			`Path file = null;`
improve hash calculation and use nio file apis 2019-08-21 07:44:50 +02:00			`try (HashingInputStream input = new HashingInputStream(Hashing.sha256(), download(plugin))) {`
remove downloaded artifact on error 2019-08-21 07:56:52 +02:00			`file = createFile(plugin);`
improve hash calculation and use nio file apis 2019-08-21 07:44:50 +02:00			`Files.copy(input, file);`
implemented plugin installation 2019-08-20 14:43:48 +02:00
remove downloaded artifact on error 2019-08-21 07:56:52 +02:00			`verifyChecksum(plugin, input.hash(), file);`
Cleanup code 2020-01-23 17:05:55 +01:00			`verifyConditions(plugin, file);`
handle pending plugin installations 2019-08-21 12:49:15 +02:00			`return new PendingPluginInstallation(plugin.install(), file);`
implemented plugin installation 2019-08-20 14:43:48 +02:00			`} catch (IOException ex) {`
remove downloaded artifact on error 2019-08-21 07:56:52 +02:00			`cleanup(file);`
improve hash calculation and use nio file apis 2019-08-21 07:44:50 +02:00			`throw new PluginDownloadException("failed to download plugin", ex);`
implemented plugin installation 2019-08-20 14:43:48 +02:00			`}`
			`}`

remove downloaded artifact on error 2019-08-21 07:56:52 +02:00			`private void cleanup(Path file) {`
			`try {`
			`if (file != null) {`
			`Files.deleteIfExists(file);`
			`}`
			`} catch (IOException e) {`
			`throw new PluginInstallException("failed to cleanup, after broken installation");`
			`}`
			`}`

			`private void verifyChecksum(AvailablePlugin plugin, HashCode hash, Path file) {`
implemented plugin installation 2019-08-20 14:43:48 +02:00			`Optional<String> checksum = plugin.getDescriptor().getChecksum();`
			`if (checksum.isPresent()) {`
improve hash calculation and use nio file apis 2019-08-21 07:44:50 +02:00			`String calculatedChecksum = hash.toString();`
implemented plugin installation 2019-08-20 14:43:48 +02:00			`if (!checksum.get().equalsIgnoreCase(calculatedChecksum)) {`
remove downloaded artifact on error 2019-08-21 07:56:52 +02:00			`cleanup(file);`
implemented plugin installation 2019-08-20 14:43:48 +02:00			`throw new PluginChecksumMismatchException(`
			`String.format("downloaded plugin checksum %s does not match expected %s", calculatedChecksum, checksum.get())`
			`);`
			`}`
			`}`
			`}`

Cleanup code 2020-01-23 17:05:55 +01:00			`private void verifyConditions(AvailablePlugin plugin, Path file) throws IOException {`
Fix class name 2020-01-24 12:01:21 +01:00			`InstalledPluginDescriptor pluginDescriptor = smpDescriptorExtractor.extractPluginDescriptor(file);`
Cleanup code 2020-01-23 17:05:55 +01:00			`if (!pluginDescriptor.getCondition().isSupported()) {`
			`cleanup(file);`
			`throw new PluginConditionFailedException(`
			`pluginDescriptor.getCondition(),`
			`String.format(`
			`"could not load plugin %s, the plugin condition does not match",`
			`plugin.getDescriptor().getInformation().getName()`
			`)`
			`);`
			`}`
			`}`

implemented plugin installation 2019-08-20 14:43:48 +02:00			`private InputStream download(AvailablePlugin plugin) throws IOException {`
			`return client.get(plugin.getDescriptor().getUrl()).request().contentAsStream();`
			`}`

improve hash calculation and use nio file apis 2019-08-21 07:44:50 +02:00			`private Path createFile(AvailablePlugin plugin) throws IOException {`
			`Path directory = context.resolve(Paths.get("plugins"));`
			`Files.createDirectories(directory);`
			`return directory.resolve(plugin.getDescriptor().getInformation().getName() + ".smp");`
implemented plugin installation 2019-08-20 14:43:48 +02:00			`}`
			`}`